Hi there. This is version 0.5 of a template tentatively titled Clean. It has a deliberately sparse look, and was patterned after some of the more interesting corporate sites I have seen. Special features of this template include:

• Use of CSS throughout
• Form-based login, designed for use with web containers (it follows the J2EE j_security_check specification for servlet containers)
• Links to a "new user registration" form, designed to be used with a JDBC database. This is actually a separate web application rather than a mod to JSPWiki; see details on the JRegistrar application below.
• A new include, TopPanel.jsp, that includes links for login/logout, Home, Index, etc.
• A "features" panel on the right-hand side that contains featured content (user-editable)
• Tweaked search field and button
• Login (go to login form) and Logout (invalidate session) links in the top panel
• Graphical submit buttons for search and login (more coming later...)
• A standard logo (images/logo.jpg) that always appears in the upper-left-hand corner and links to the "Main" page. You will probably want to change the one that is there by default, since it is for my own site. ;)

Clean is based on JSPWiki 2.1.93-CVS. I hope you like it; if not, feel free to comment, tweak or rant.

-- Andrew Jaquith, April 2004

Screenshot

Yep, here it is:

Package contents

The enclosed zip file includes a number of new files and some changed files, which are enumerated below. The locations of these files are either relative to the webroot or src/webdocs, depending on whether you are looking at the binary distibution, or the source tree.

The new files include the template JSPs plus top-level "login" pages:

• LoginForm.jsp -- login form for J2EE containers; posts to j_security_check
• Logout.jsp -- invalidates the current session
• LoginRedirect.jsp -- protected resource that causes the redirect to LoginForm.jsp
• images/continue.png
• images/go.png
• images/logo.png
• images/signin.png
• templates/clean/TopMenu.jsp -- moved search bar here; not editable by end-users

Changed files (relative to the default template) include:

• etc/web.xml -- implements form-based auth instead of Basic; adds several protected resources
• templates/clean/jspwiki.css -- thorough re-working/re-organization of the stylesheet, without sacrificing compatibility with the default template
• templates/clean/EditContent.jsp -- removed search box; moved to TopMenu
• templates/clean/EditTemplate.jsp -- major changes
• templates/clean/LeftMenu.jsp -- eliminated login box, plus a few minor changes
• templates/clean/LeftMenuFooter.jsp -- shows copyright and "powered by" text
• templates/clean/LoginTemplate -- contains template-specific J2EE login form
• templates/clean/PageContent.jsp -- a few minor changes
• templates/clean/PreviewContent.jsp -- removed HRs
• templates/clean/ViewTemplate.jsp -- major changes

JRegistrar application

The blatant shill: I needed a secure, easy-to-use way to register new users and store their information in a database, for use by JSPWiki and other applications I intend to host. I was not aware of any stand-alone packages that would do the job, so I decided to write my own. The result is a small application tentatively called "JRegistrar." I have posted it on my personal website. For the curious: JRegistrar uses a database to store users' first & last names, organization, e-mail, and password (encoded as a SHA-1 hash). It is designed to be used as a Tomcat authentication realm, which is how I use it. Under the covers, it uses:

• Struts 1.1, for the MVC layer
• Tiles, for easy separation of presentation "panels" (I re-implemented the Clean layout as Tiles definitions)
• Commons Validator, to ensure that bad input is kept out
• JDBC prepared statements, to prevent SQL injection

In the future, I will be exploring how to integrate JRegistrar with JSPWiki 2.x's authorization model. I don't anticipate great difficulty in making them work together.

Comments and Discussion:

(starts here...) Any idea when you will have the authentication-implementation (JRegistrar) ready for use ? Is there an alternate authentication mechanism that could be used ? - RaghuHavaldar

Andy's amended reply: As noted above, I have just posted it. It is in a "0.2" release, which means that the basic functionality works and that it is reasonably well-documented. At the moment RDBMS is the only back-end identity store one can use with it, although there is a fairly well-documented set of interfaces that would make it easy to use LDAP and/or XML files also. One of the neater features is that the user Principal's name ("Bill Gates") is separate from their login id ("bill@thebeast.com"). So you login with your e-mail, and JSPWiki says "Greetings Bill Gates". - Andrew Jaquith

Will this work with mysql? - Njreist

Does this template work with newer code? Has anyone had this working the lastest Alpha 2.1.13 for example? JLH

Update: Yes it does work, I am not sure what was happening before, but I think it has something to do with the new template handling, where if a file is not found in the template dir, then it looks in default, some wires were crossed somewhere. JLH.

How to Install

When you unzip the template, you come up with several files. Place the jsp (LoginForm.jsp, LoginRedirect.jsp and LoginError.jsp) in webapps/JSPWiki/, next to Comment.jsp, ..., Wiki.jsp.

mv templates/clean into webapps/JSPWiki/templates

Update webapps/JSPWiki/WEB-INF/web.xml with the following patch:

134,149d103
<        By default we just limit access to the Delete.jsp, as it
<        is actually dangerous.
<    -->
<
<    <security-constraint>
<        <web-resource-collection>
<            <web-resource-name>Protected Area</web-resource-name>
<            <url-pattern>/Delete.jsp</url-pattern>
<        </web-resource-collection>
<        <auth-constraint>
<            <role-name>admin</role-name>
<            <role-name>user</role-name>
<        </auth-constraint>
<    </security-constraint>
<
<    <!--
157c111
<        To enable this, replace the previous section with this section.
---
>        To enable this, remove the comments signs.
166d119
<    <!--  START OF ACCESS RESTRICTION
170a124
>            <url-pattern>/LoginRedirect.jsp</url-pattern>
172,173c126
<            <url-pattern>/Comment.jsp</url-pattern>
<            <url-pattern>/Delete.jsp</url-pattern>
---
>            <url-pattern>/UserPreferences.jsp</url-pattern>
177,185d129
<            <http-method>HEAD</http-method>
<            <http-method>PUT</http-method>
<        </web-resource-collection>
<
<        <web-resource-collection>
<            <web-resource-name>Read-only Area</web-resource-name>
<            <url-pattern>/attach</url-pattern>
<            <http-method>DELETE</http-method>
<            <http-method>POST</http-method>
193d136
<    </security-constraint>
195c138,141
<    -->
---
>        <user-data-constraint>
>            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>        </user-data-constraint>
>    </security-constraint>
198,199c144,148
<       <auth-method>BASIC</auth-method>
<       <realm-name>JSPWiki Editor</realm-name>
---
>      <auth-method>FORM</auth-method>
>      <form-login-config>
>        <form-login-page>/LoginForm.jsp</form-login-page>
>        <form-error-page>/LoginForm.jsp</form-error-page>
>      </form-login-config>
201a151,164
>    <security-role>
>      <description>
>        This role includes all authenticated, non-administrative users
>      </description>
>      <role-name>user</role-name>
>    </security-role>
>
>    <security-role>
>      <description>
>        This role includes all authenticated, administrative users
>      </description>
>      <role-name>admin</role-name>
>    </security-role>
>